[arvados] created: 2.1.0-2703-g70d97b98d

git repository hosting git at public.arvados.org
Thu Jul 14 14:13:55 UTC 2022


        at  70d97b98ddf977505069795ef08236fb439b18e1 (commit)


commit 70d97b98ddf977505069795ef08236fb439b18e1
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Thu Jul 14 11:01:46 2022 -0300

    19139: Fixes bug by always setting owner_uuid to the system root user's UUID.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/services/api/app/models/user.rb b/services/api/app/models/user.rb
index d39695e27..1662278cc 100644
--- a/services/api/app/models/user.rb
+++ b/services/api/app/models/user.rb
@@ -350,6 +350,11 @@ SELECT target_uuid, perm_level
     self.save!
   end
 
+  # Called from ArvadosModel
+  def set_default_owner
+    self.owner_uuid = system_user_uuid
+  end
+
   def must_unsetup_to_deactivate
     if !self.new_record? &&
        self.uuid[0..4] == Rails.configuration.Login.LoginCluster &&
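Review bot: The comment on `set_default_owner` says only where it is called from, not why it assigns unconditionally. The plain `=` discards any `owner_uuid` the caller supplied, which is the security-relevant part of this fix and worth stating. I would write the comment as `# Called from ArvadosModel. User records are always owned by the system root user; any owner_uuid supplied by the client is deliberately overwritten.` The hunk does not show when ArvadosModel invokes this hook; if it also runs on updates, every save of an existing user would reset its owner too, so confirm that is intended or guard the assignment with `if new_record?`. The trailing context of `must_unsetup_to_deactivate` continues outside the hunk.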

commit 0873efcdab481d9f77f477f4adbf56ee3380f2f9
Author: Lucas Di Pentima <lucas.dipentima at curii.com>
Date:   Thu Jul 14 10:59:41 2022 -0300

    19139: Adds tests related to user creation.
    
    * Confirms that non-admin users cannot create user records.
    * Exposes bug where user's owner_uuid fields were populated with the UUID of
      the creating admin user instead of using the system root user's UUID.
    
    Arvados-DCO-1.1-Signed-off-by: Lucas Di Pentima <lucas.dipentima at curii.com>

diff --git a/services/api/test/integration/users_test.rb b/services/api/test/integration/users_test.rb
index 3660d35ba..369e3a2ef 100644
--- a/services/api/test/integration/users_test.rb
+++ b/services/api/test/integration/users_test.rb
@@ -493,4 +493,31 @@ class UsersTest < ActionDispatch::IntegrationTest
       headers: auth(:admin))
     assert_response 422
   end
+
+  test "creating users only accepted for admins" do
+    assert_equal false, users(:active).is_admin
+    post '/arvados/v1/users',
+      params: {
+        "user" => {
+          "email" => 'foo at example.com',
+          "username" => "barney"
+        }
+      },
+      headers: auth(:active)
+    assert_response 403
+  end
+
+  test "create users assigns the system root user as their owner" do
+    post '/arvados/v1/users',
+      params: {
+        "user" => {
+          "email" => 'foo at example.com',
+          "username" => "barney"
+        }
+      },
+      headers: auth(:admin)
+    assert_response :success
+    assert_not_nil json_response["uuid"]
+    assert_equal users(:system_user).uuid, json_response["owner_uuid"]
+  end
 end
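Review bot: The test "create users assigns the system root user as their owner" only covers a request that omits `owner_uuid`, so it does not pin the "always" in the fix. An admin who passes an explicit owner is never exercised. Adding `"owner_uuid" => users(:admin).uuid` to the `"user"` params (or a third test that does so) while keeping the final `assert_equal users(:system_user).uuid, json_response["owner_uuid"]` would cover that path. The 403 test could also assert that no user with username `barney` exists afterwards, so a regression that rejects the request only after persisting the row is caught.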

-----------------------------------------------------------------------


hooks/post-receive
-- 



